A New Era of Telecommunications Surveillance: America in the 21st Century
(Summer, 2002) 
--------------
By The Prophet

As the satellite republics of the Soviet Union fell at the end of the twentieth
century, the Western world was shocked at the surveillance societies erected by
their authoritarian governments. From a population of 17 million in East
Germany, the dreaded Stasi secret police employed 34,000 officers, including
2,100 agents reading mail and 6,000 operatives listening to private telephone
conversations. Additionally, over 150,000 active informers and up to two
million part-time informers were on the payroll. Files were maintained by the
Stasi on more than one out of three East Germans, comprising over a billion
pages of information.

While centralized domestic surveillance in the United States has probably not
yet reached the levels seen in East Germany, the picture is very different when
government databases are linked and especially when government databases are
linked with commercial ones. To help it fight the insane "war on [some] drugs,"
the federal government has already connected the databases of the Customs
Service, the Drug Enforcement Agency, the IRS, the Federal Reserve, and the
State Department. These are accessible via FinCEN and other law enforcement
networks (and probably via classified intelligence networks as well - but sorry,
that's classified). Additionally, the United States has relatively few data
protection laws (particularly concerning the collection of data for commercial
purposes), meaning the extensive use of computer matching has led to a "virtual"
national data bank. With only a few computer searches, and without obtaining a
search warrant, law enforcement can gather a comprehensive file on virtually
any U.S. citizen in a matter of minutes.

Telecommunications, unlike paper and electronic records, enjoyed much stronger
privacy protections until September 11. Americans have the egregious
wiretapping abuses of J. Edgar Hoover's FBI to thank for this. However, long
before September 11, the FBI was laying the groundwork to turn the U.S.
telecommunications system into a surveillance infrastructure. This began in
1994 when, at the strong urging of former FBI Director Louis Freeh, Congress
passed the Communications Assistance for Law Enforcement Act (CALEA, pronounced
"Kuh-LEE-uh," for short).

The legal reasoning behind CALEA is fairly recent and, to fully understand it,
it should be considered in light of the failed Clipper Chip key escrow
initiatives of the early 1990s. During the consideration of key escrow
legislation (which ultimately failed) and CALEA (which was ultimately
successful), the FBI nearly convinced Congress that Americans have no legal or
moral right to keep any secrets from the government. Fortunately, Congress was
not fooled; they decided that while Americans should be subject to surveillance
of all of their communications, citizens could still keep secrets from the
government. How magnanimous of them! The stated purpose of CALEA is to
preserve, despite advances in technology, the surveillance capabilities law
enforcement agencies possessed in 1994. The actual implementation of CALEA,
predictably, has been much broader than Congress originally contemplated.

Technically, the FCC is tasked with determining the surveillance capabilities
telecommunications carriers are required to provide. Because surveillance is
not the core competency of the FCC, they have deferred to the FBI's expertise,
and serve as a "rubber stamp" for the technical requirements the FBI requests.
Privacy groups have widely criticized the resultant 11-point  punch list,  with
which telecommunications carriers must comply, as a dramatic expansion of the
capabilities originally contemplated by CALEA. For example, mobile telephones
containing GPS locators have recently appeared on the market. Touted as a
safety feature, GPS is also a surveillance feature mandated by CALEA. If you
carry such a phone, the FBI knows exactly where you are at all times. (Of
course, J. Edgar Hoover's FBI will only use that capability against criminals
and terrorists, right?)

Other technical requirements on the "punch list" include the capability to
intercept all packet-switched communications, which includes Internet traffic.
The FBI presents this in seemingly reasonable terms; they just want to tap
Voice over IP (VoIP) and other packet-mode voice communications like any other
telephone call. Of course, to those familiar with TCP/IP, this is very
frightening indeed; the only way to intercept the "bad guy's" data is to look
at everyone's data. On the Internet, this is accomplished with DCS1000
(formerly Carnivore) and other proprietary surveillance devices. The FBI really
likes to keep secrets, so they won't reveal a complete list of the surveillance
devices they use, won't reveal the manufacturers, and won't release a full list
of surveillance capabilities. In the face of intense Congressional pressure,
the FBI reluctantly allowed one "independent technical review" of the nearly
obsolete Carnivore system.

However, this was conducted on such restrictive terms that MIT, Purdue,
Dartmouth, and UCSD refused to participate on the grounds the study was rigged.
Jeffery Schiller, when explaining MIT's refusal to CNN, said, "In essence, the
Justice Department is looking to borrow our reputation, and we re not for sale
that way."

Eventually a research team at the obscure Illinois Institute of Technology
Research Institute was selected to perform the study. While the FBI intended to
keep the identities of the "independent researchers" a secret, they
accidentally leaked the researchers names on an incorrectly formatted Adobe
PDF document. So much for secrets. As it turned out, three of the supposedly
"independent" team members possessed active security clearances (including
top-secret NSA and IRS clearance go figure), and two others had close ties to
the White House. With the deck so carefully stacked in the FBI's favor, it is
surprising (and telling) the IITRI study warned Carnivore "does not provide
protections, especially audit functions, commensurate with the level of the
risks," and was vulnerable to "physical attacks, software bugs, or power
failures." The ACLU offered to perform its own review of Carnivore, but the FBI
not-so-politely declined. In the interim, the next release of Carnivore, called
DCS1000, is now in operation. As with Carnivore, the capabilities of DCS1000
are not fully disclosed. Mysteriously, many Internet Service providers (ISPs),
including Comcast and Sprint, have implemented so-called "transparent proxy"
servers, possessing extensive logging capabilities. Comcast, in a widely
publicized incident that even drew the ire of U.S. Representative (and hacker
foe) Ed Markey, was caught associating the web browsing habits of its customers
with their IP addresses. While Comcast claims they no longer collect this
information, it is likely that other ISPs have implemented similar technology
and equally likely that Comcast could resume logging at the FBI's request.

While telecommunications providers are wary of providing the FBI with direct
access to their infrastructure, most do not object out of privacy
considerations. Instead, they are primarily concerned that the FBI s activities
do not cause disruptions in service. Telecommunications carriers are
particularly indignant at court rulings requiring they provide the FBI with
direct access to telephone switches, and grant them the ability to install
their own software upon the switches. Lucent implemented this capability on the
5ESS switch in the 5E14 software revision, which nearly every 5ESS in the
country now runs. Surveillance capabilities have also been present for some
time on the Nortel DMS100 platform. While the capabilities of the FBI's switch
software are, like DCS1000, presently unknown, the 5E14 software revision
incorporates a number of useful surveillance features on its own. For example,
when a surveillance target makes a phone call, the switch can silently
conference in a pre programmed telephone number. Because the FBI also keeps
secrets from telecommunications providers, even refusing to share basic
architectural information, providers are skeptical of the FBI's assurances that
no potential for disruption exists. Additionally, because most surveillance
capabilities are provided by the FBI's own software, telecommunications
providers cannot audit court-ordered wiretaps. (Of course, J. Edgar Hoover's
FBI is trustworthy, so checks and balances are not necessary.)

The cost of implementing surveillance capabilities is also of major concern to
telecommunications providers. In exchange for retrofitting the nation s
telecommunications infrastructure with a surveillance architecture of which
Stalin could only dream (at one point in the CALEA legislative process, the FBI
proposed implementing the capability to simultaneously intercept and record one
out of every 100 telephone conversations taking place in each central office),
the federal government promised $500 million to telecommunications carriers.
However, implementing all of the requirements on the CALEA "punch card" is
estimated to cost the cash-strapped telecommunications industry as much as $607
million. With the additional "roving wiretap" capabilities granted to the FBI
after September 11 in the obliquely named U.S.A Patriot Act, the cost of
implementation is likely to soar even higher.

Americans face a new, and potentially dangerous, era of surveillance. History
has proven through the nuclear arms race, the Nixon administration, and other
similar craziness that things that are possible are not necessarily a good
idea. Surveillance societies have appeared in the not so recent past, and they
were frightening indeed. Stalin s Russia. Ceausescu's Romania. Hoenecker s East
Germany. Perhaps the United States can avoid the mistakes made by the
surveillance societies of the twentieth century. And perhaps J. Edgar Hoover's
FBI is also completely honest, professional, and incorruptible - just like
Robert Hanssen.